<?php
//<script>alert('You are hacked !!')</script>
//<script>window.location='http://google.com'</script>

if(isset($_POST['comment'])) {
  $comment = trim($_POST['comment']);
  echo $comment  ;
  //echo htmlentities($comment)  ;
}

?>

<form name="testData" action="" method="post">

  <textarea name="comment"></textarea>
  <input type="submit">
</form>
